Members

Donations keep this Plugin alive! If you value this Plugin I urge you to donate as much as can so that I can keep it up-to-date and make it better. The more money I get, the more time I can devote to it, the more you benefit.

Thanks for your support!

$14.88

$29.22

$48.81

$76

$152

You must login to manage your profile!

339 Comments on "Members"

Just updated my websites to the latest Plugin Version 4.19.68 and now all my sites say that Installation key is not registered. And even after i clear cache it shows the same . Your Installation Key is not registered!

I can see the key in the website showing is different from the key showing here in the list. It does not allow me to change the key in my website.

I see that you have issued SSL certificates on thee sites and started using the secured URLs starting with HTTPS instead of HTTP, so that is why each of those sites has been issued a new key (not because you upgraded to the new version). The key is automatically generated based on the Site URL so you cannot change that but it will change if you start using a different URL. All you need to do is to re-register each of those new key to the HTTPS sites using the same email address that you had registered all your old unsecured URLs to and then they will all be on the same account

I see multiple successful registrations on your account. Please try clearing your cache and refreshing your wp-admin to see the updated registration. If it still shows that you are not registered then please send me a screenshot so that I can see what might be causing this. You can also check your browser’s Console to see if there are any JavaScript error on the page that might explain why the registration check failed.

Thanks for detailing the troubleshooting that you have done so far. Your description is very specific and it sounds like you have covered all the main points, however this sound a bit different from the caching issue that Rajiv was having. First, let me confirm that I see two keys registered for the domain in question (one for the unsecured HTTP URL and one for the secured HTTPS URL), so this is not an issue with t he registrations but rather some kind of issue with your site verifying that the registration is already there. Now let me ask you for clarification on what you mean by “the installation key doesn’t stick”… if you are saying that when you return to the Atni-Malware Setting page in your wp-admin after your registration looks as though you have no key at all, and there is a button that says ” Get FREE Key”, then this is not a caching issue but actually an issue with your WordPress installation not being able to store the registered key into the wp_table in the database on your server. This could be caused by a PRIMARY KEY issue or AUTO INCREMENT issue in that table or a permission issue causing the DB to be read-only.

If this does not help you to find a solution for the issue that you are experiencing then I would need you to send me more info with screenshots of that table structure and a screenshot of the Atni-Malware Setting page in your wp-admin directly to my email so that I can see what might be causing this.

Great plugin! I had already cleaned this particular site but I just couldn’t be 100% sure I had completely nailed it. I now have peace of mind that the work I have done has sorted out the issue. Thank You!

I see that your new domain was registered to your account successfully. In most cases the reason that you might not see this updated information in your wp-admin is because of some kind of caching issue on your end.

Try clearing your cache in your browser and in any caching plugin that you might have installed on your site. Then do a hard refresh (Shift + F5) and see if it shows your registration then. You can also check the Console tab in your browser’s Inspector to see if there are any JavaScript error on that page. It is possible that there is some kind of pop-up blocker or script blocking settings that are preventing the registration check.

I’ve donated $29. I understand a donation will give me automatic definition updates. Does the one donation cover me for only one site or for multiple sites? If the latter, how do enable automatic updates for other sites?

If you register all your sites to the same email address then you can enable the automatic updates on all of them. I see four sites registered to the account that you donated on. If there are any other sites that you may have registered under a different email address then you can click on the Key in your wp-admin and re-register those sites under the right account

I have donated three times at the $29 level on this account, and I think I may have even donated on another account. Thanks for your hard work and efforts with this plugin that I find invaluable. I will be donating again and again, because I use the plugin on multiple sites and think it’s only fair to do so.

Hi, this is the first time I´m using your plugin, my Host says that my site it´s getting to much CPU usage and I dont found the issue; y ran a scan but its been almost 24 hour now and still havent finished (almost done). So far havent found malwarebut it found 115 read/write errorsm a lot to check one by one. Does that might be the problem?

It is not normal for the scan to take that long. If it take more that 30 then there are some abnormalities on your server that are slowing it down. The high CPU usage is to be expected but not for that long of a scan.There must be some kind of conflict that is causing all those Read Errors. You can check the error_log on your server to see if it has any clues as to what might be causing this conflict. You might also see if there are any JavaScript Errors in your browser’s Console that would explain why the scan is taking so long.

I have multiple sites infected, your plugin works great although it removes it and the sites get re-infected. Anyway I want to make a donation, but can I do this as a whole for all the sites with the plugin installed?

Are those file listed as Potential Threats? If so then you need to download the latest definition updates and then run the Complete Scan again to detect Known Threats. When Known Threats are found you can click the Automatic Fix button and my plugin will remove the malicious code from all those files.

Hi!
I currently have 2 sites registered under the same email address: but I am handing over responsibility for one site to someone else and want to assign this to their email address, whilst keeping the other registration on my existing address. How do I do this?

You can login to http://gotmls.net/members/ and then “un-register” that site so that they will have to re-register it themselves, or you can simply re-register the site to them directly by clicking on the key on the Anti-Malware Setting page in their wp-admin and entering their email address into the registration form.

Hi, After donating i want to run your plugin on my 5 sites , what process i will have to follow for the same? Currently my one website is registered with plugin from a different email id, i need to transfer/ bring all websites under my official email id, how i will achieve that can you please guide?

If you have already registered multiple sites/keys under different email accounts then you can login to http://gotmls.net/members/ under your other email accounts and transfer those registrations to your main account.

Hi,
I just donate usd29 and would like to use the new Key also to those 2 domains that were previously unregistered. So, how I can remove the unregistered Key (issued to a different user tht has installed your plugin few days ago to those domains)? thanks a lot. Raf

Each site must be registered to it’s own unique Key but they can all be on the same account if you register all your keys under the same email address. If you have already registered some of your sites under other email addresses then simply login to the members page with the password sent to those other email addresses and transfer those registrations to your main account

Hi Eli, i have a website placed in godaddy, which has no free virus scan option in cpanel. My site was hacked by a wordpress plugin bug last friday (probably 20k sites, too). The hack was a malware redirecting site. The plugin owners gave us a solution which fixed the URL hacks. I checked online malware&virus scan sites to see how clean my site is before the fix and after the fix. Now they say there is still malware infection, but i tried the malware scan plugins and also your plugin and all of them says it is fine and clean. Is this because your plugin is not updated for this problem I have not donated yet, can this be a problem to get an answer from you? Thank you

If you register all your sites using the same email address then they will all be under the same account and that one donation will unlock the automatic update feature on all of them. Once you enable to automatic updates and click save the core file definitions will be installed automatically on each one.

Hello… I have read a few times that there is a button to click that will remove to malware… I have donated, re ran scans… but do not see a “fix” what am I missing… scanning and knowing is nice… but pointless unless there way to fix the issue.

If the scan find any Known Threats then there will be a button to Automatically fix the selected threats. Make sure that you have downloaded the latest definition updates and if you still don’t see this button then you can send me a screenshot of the scan results and I can help you further.

Your email was yesterday (23 hours ago) and I just replied to it. I am extremely busy but I would like to help you so please send the files you mentioned as a zip attachment directly to my email address so that I can update the definitions with a fix for you.

First of all, you don’t need to kill any processes. Just because it did not finish does not mean that it is still running, it just means that it was not able to get to the end of the scan before failing. If you had stayed on the scan page for more that 120 seconds then the process would have ended one way or another. Either it will finish with some type of scan results or there will be an error message, or maybe it will fail without loading the page (errors or no errors). Regardless, there is no action needed to stop the process and you can attempt another scan at any time. If the Quick scan continues to produce no noticeable results after 120 seconds you can assume that it was unsuccessful and just run the Complete Scan instead. The Complete Scan is more appropriate and the Quick Scan is only useful and effective in certain circumstances anyway.

Made my first donation but I won’t stop here. Your plugin has been such a great help and I am going to continue to donate from time to time and do all I can to support your great work! Thank you so much Eli!

“NO_HTTP_REFERER” …has locked me out (logging into WP) using my usual control panel through my host. I’m sure this can be fixed with FTP. I’m sure this is a side effect of the Brute Force setting.
Just wanted to say, besides this hiccup, your product worked great! What this plugin wasn’t able to fix/delete – I was able to easily find with FTP and plugin as guide.

First, there should always be an HTTP_REFERER when you are submitting a form, that is why it is one of the things that my Brute-Force Protection checks for. If you are going to your wp-login.php page and then submitting the login for and you are getting this message then you must have some kind of privacy/anonymity or security modification to your browser that is concealing the HTTP_REFERER (this would make you look like a hacker). Otherwise, it could be that you are logging into your site from an external page or there could be something very wrong on your server so that it does not see the HTTP_REFERER.

Now, if you are unable the fix the real problem that is cuasing this then you can simply disable the brute-force protection. If you cannot login to get to those firewall settings then you just need to comment-out or delete the first line in your wp-config.php file, right after the opening PHP bracket “Reply

I have been using your excellent tool to get rid of some malware on my website, but it keeps coming back. The only error that seems to always come up after scanning and cleaning is a read/write error with
/public_html/wp-includes/js/jquery-migrate.min.js
is this possibly where the bad code is hiding?

It is not likely that any JS file is spreading this kind of threat on your site, and that file is probably only getting the Read Error because it is rather large and the memory_limit in the php.ini file on your server is set too low. If your site is on a shared hosting account itt is more likely that it is getting reinfected by another infected site on that server. You can check the raw acceess_log files on your host (ask your hosting provider if you are not sure where to find these logs) to see what scripts are being call at the exact times that the reinfection occurs (see the Anti-Malware Quarantine for infection times). If there is nothing there then you should probably move your site to a more secure hosting environment.

One donation of $15 will unlock the Brute-force protection feature on as many sites as you register to the account using the same email address. Furthermore, if you donate $29 or more than it will also unlock the Automatic Update feature which you can use to install the Core Files Definitions on all those same sites

The key for the secured URL of your site is already registered to you, so you do not need to register it again. Just make sure you are on the HTTPS site (the one you already registered) and you should be able to download the latest definition updates.

If you still have issues with your registration or the updates then please email me directly with a screenshot of the issue you are having.

It is designed to skip binary file types by default that could not directly execute code on the server and empty files. This saves a lot of time when running your initial scan but you can always change those defaults in the scan setting if you really feel it is necessary.

That is why I have set those files to be skipped by default. You can contact me directly with your specific findings and a screenshot of any problems that you find so that I can better help you get the the source of this issue.

If I install the plugin on the main domain of my hosting account it will scan everything – including WP installations on add-on domains (installed in folders). Will it also protect them or do I need to install on every site?

It can scan all the sub-directories inside the root of the main site (including any other sites installed there), but it cannot add any protection to each sub-site or detect the proper version of the core files on each site unless it is installed on each of those sites specifically.

A Read/Write Error means that the file could not be scanned, usually because of the permissions on that file or a restriction of your PHP server. Basically, if a PHP process running on your web-server cannot access the file then my plugin cannot scan it.

If it was a one-time occurrence then I wouldn’t worry about it. Your browsere was probably left on the login page for too long and your session expired. If it happens consistently then you may have a problem on your server that is preventing sessions from being created at all.

I am sorry but PayPal is currently my only way to receive donations. I could look into another method if I know it would be easy to integrate and more people could use it. What online payment options do you have in IRAN? What would you recommend I look into?

Greetings. I finally was able to donate under my main Email address. It seems that I have some registrations under an alternate Email address. Is it possible to merge the two? If not, how do I uninstall the plug in completely in order to reregister under my actual email address? I am unable to find the directions here in this forum. I did find the /members area, but that only gave me the option to choose one email or the other. Thanks.

Yes, you can combine your registrations into one account. no, re-insalling the plugin does not change your registrations. You found the /members area, yay. All you need to do is transfer those registration under one email into your account with another email. It does not matter which email you combine them into, as long as all the registrations are under one account.

Okay, thank you. Was worried about losing the paid account, but it appears to have worked perfectly. There are only a few plugins that I use consistently and yours is at the top of that list. So glad we could start sending you support. Thank you.

A 504 is a Gateway Error, which would seem to indicate a problem on the server or issue with your site that is causing many pages to fail intermittently. I suspect you got this error when attempting to fix because of a simultaneous load issue on your site or some other server interruption.

My site was working, but slow and couldn’t reach all pages, getting many 504 errors. Hostgator advised all PHP pages were infected with malware, although online testing, including Google showed no malware. Why was the malware not found online?

I went into CP and looked at some PHP pages and all had long code at the top of each page. I deleted all the code by hand then a few hours later all PHP pages had the same code again!

Not knowing what to do I found this site and downloaded the plugin, made a donation to get full benefit and the plugin found 400+ pages infected. I then cleaned them and exported the site and will load to a new server as 4 other sites are also infected.

If I download infected files can I install on my Localhost and then use the plugin to clean them or will my Localhost become infected?

You can download the infected PHP files safely but you must make sure not to execute them with PHP. If the code in those files gets executed then it could infect your local machine. I would suggest cleaning all the sites in-place, on the server. You can install and use my plugin on multiple site, just use the same email address to register them all so that they are on the same account.

Yes, I discovered that I can use the plugin on multiple sites with my code. As I clean each site I compress the clean files to a .zip and download them to my computer. After cleaning one site it is not being reinfected, which is good news.

A great plugin and I will make another donation when I have done the 6 sites on the server.

cpanel has an antivirus included and it found some viruses that anti malware didn’t found:
public_html/foldername/errors.php: quarantining……done
public_html/foldername/images/patterns/views.php: quarantining……done
public_html/foldername/images/patterns/kam.php: quarantining……done
public_html/foldername/js/mail.php: quarantining……done

name of viruses are respectively:
Win.Trojan.Hide-1
Win.Trojan.ld-34
Win.Trojan.Mailer-10
Win.Trojan.Mailer-10

The partial snippet of code that you sent me does not help if I cannot see how it ends, but based on how it starts off I am pretty sure that this threat is already in my definition updates. Please send me the whole file as an attachment so that I can be sure or get it added to my definition updates if it is something new.

I may be premature in asking this because the scan is still going, but Google has provided a list of the infected pages on our website. Your amazing, brilliant scanner has picked up numerous problems and fixed them but none of them are on the pages that Google says are the problem pages.

I’m scared that we are going to miss the pages that Google says are the problem pages.

Google will only tell you about Pages (URLs) that are showing malicious content. My plugin will find the files (PHP code) that is responsible for that content being displayed. Once the files are clean then you can request a review in your Google Webmaster Tools account and Google will rescan those URLs to make sure they are clean and then remove your site from their blacklist.

OMG. Your scanner worked. We are back on Google. I paid someone $50 to help me clean our sites and he didn’t get any result. And I paid someone else and he didn’t get a result. But your scan did it. It found the infected files and cleaned them with one click. It took 4 hours to scan only about 100 pages but it was worth it. You are a champion.

Hi
I just get registered and made donation but, i still see no key in the plugin setting page and “Download new definitions” has no effect (“Download the new definitions (Right sidebar) to activate this feature” still in red)
Any help ?

The same way your registered your first site. Install and Activate the plugin, then go to the Anti-Malware Settings page in your wp-admin, click on “Get FREE Key”, and submit the registration form. Just remember to use the same email address that you used to register your first site if you wan them to be in the same account.

Wow, I was overwhelmed and I happened on your plugin. I had found some but I don’t know php and some of the php code seemed odd to me. Sure enough, you flagged it!! Stats from my site:
5202 Scanned Files
1074 Scanned Folders
Found 4 Backdoor Scripts
Found 22 Known Threats

The two most likely reasons for the definition updates not being installed are either: you have a post size limit specified in your php.ini file that is too small for the initial updates; or you might have another firewall plugin installed that is blocking the updates.

I’m sure that the Automatic Update method would work for you but I am sorry that I don’t have any other means of accepting donation besides PayPal.

If you would like me to troubleshoot the definition updates on your site you could send me your wp-admin login, directly to my email address, eli AT gotmls DOT net

A scan I just did of my site showed that it was clear of malware, however, when I visit it… my antivirus warns me that the site is infected. I confirmed this on another computer. Why is this? I thought your program would catch it.

I don’t know what type of warning you got from your Anti-Virus software but your site looks clean now. The warning you got was probably related to a blacklist which can sometimes take a little longer to clear up even after you have cleaned your site.

Have the definitions set to auto update is the reason that your custom white-list get’s overwritten. The auto update feature installs the most current definition every time a scan is initiated, so you won’t see them getting installed until you start a scan because they are not needed until then.

As for those HTML file that you are trying to white-list, can you send them to me so that I can see if they are false positives?

I have optimizedpress on my hosting account with WP. A bunch of pages for OP show they are a known threat because there is js after the body. It seems that this script should be there changing some fonts on the page. I was wondering if you can verify its a false positive.

Hi, I meant to donate the $29 to to BETA test the new Scan Core File feature and get Automatic Definition Updates.
I donated $14 by mistake
Can I pay donate the difference? I want to try it out and if ths works I will donate for each installation I make on each wordpress site I have.

Hello! Plugin is fantastic and I’ve donated for sure. Issue is the “Automatically Fix Selected Files Now” isn’t working for me. Then I tried to press the designated button for it it was taking too long and I keep getting this error:

Not Acceptable!
An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.

Can I get some help on this please? If I can get these errors fixed, it would be amazing. Thanks!

It sounds to me like your Mod_Security settings are blocking my plugin from fixing those files. You need to talk to your hosting provider about changing the settings for Mod_Security to allow these requests or else whitelist your IP address to that you can at least fix those files.

I am using your plugin from the beginning of my blog. Recently Google has warned me about malicious content on my website. But after scanning the site it’s not showing or detecting anything new. But Google has not removed the warning. Can you please suggest me what to do?

Sometimes Google take a long time to update their cached results for a site and this delays the removal of that warning you are getting. Re-check the date on the last threat that is shown in the Security section of your Google Webmaster Tools. If it is today’s date then you may have a new threat on your site, have you downloaded the latest definition updates for my plugin?

It sounds like that site was already registered. The same Key will be regenerated for that site every time you Get the Key, but it cannot be saved unless the definitions are downloaded. The problem is that you don’t seem to be able to download the definitions on that site. I’m not sure why it’s not downloading on that site, and this suggestion is kind of a lame workaround, but have you tried the Automatic Updates? When the manual download and save fails for whatever reason the Automatic method always works. Just click “Get FREE Key” as usual but then check the “Automatically Update Definitions” box at the bottom of the Scan Setting page and then click Save.

Thanks for your donation. You just need to check the box for Automatic Updates at the bottom of the AntiMalware -> Scan Setting page in your wp-admin and then click Save. Then you will have the definitions for the Core Files.

i need help. My host (hostgator) have restricted all my sites, and now i cannot even access to my WP admin, so i cannot make your plugin run …. (is there a way you can help me via ftp access only ?) – thanks

well.. i’ve managed to migrate the sites one by one to other servers, so i can have access again to WP panel, and use your plugin to clean them up..
Thanks for your help, and by the way, i just paid the 29$ via paypal today for your plugin which sound to work really good !.. Thanks a lot again for your work !..

PS : Hostgator is just a big Axx Hxxx and don’t help you at all when you are in trouble with malwares or attacks. They just close your site and that’s it. And then they try to sell you their security services, … for very expensive ..! Good business for them !.. So I decided to move all my sites to other servers … Bye bye, i am not going into this fake business ..

Thanks for this tool, it has identified several issues. However, when I run the quick scan on themes it skips all of the subfolders. I don’t see any settings where I can update the quick scan. Is there a way to update this?

The Quick Scan was designed to be a fast and short scan of the most likely locations for Known Threats. It runs under a single PHP process so that it finishes quickly but that means it has memory and timeout issues so I defaulted the scan_depth to 2 so that it would not drill down too deep and get stuck half way through a scan. You can manually override the scan_depth by adding the URL parameter at the end of the Quick Scan path (try adding &scan_depth=3 to the end of the URL, if that work then maybe try 4 or 5).

my url got malware/virus , if open desktop web i didnt see any different but when i open my url via mobile phone, the url keep direct me to adsvertisement web, i already use your plugin to scan but didnt detect any malware/virus ? any step i miss ?

After most recent update I no longer can download new definition updates. It says, “Your Installation Key is not yet Registered!”. But as I found out in my profile in Gotmls it is registered and active.

Thanks for the login. This is a multisite and I don’t have network admin access so I cannot fix it for you but I did figure out what the problem is and I just released another update that should fix this for you.

Please download version 4.15.19 and let me know if that does he trick.

Eli,
What about multiple sites. not to complain because Im happy as a pea. but I have several personal websites. Can I use the same key? or do I must I donate for each of them? just asking. BTW great plugin. World needs more people like you!
TIA.
Sam

Each site generates it’s own key, but you can register each site key under the same email address so that they are all on the same account. Then you can make one lump-sum donation for all sites on that account.

I don’t see where I can add this to my other 2 sites. I have a few plugins that I did pay for and there is always a license key on top that I just paste my code to, and it activates it on the site. I don’t see anything like this for the other two sites I have no idea how to do it. Can you instruct me please?

The fix isn´t working.
The scan finds 306 knwon threats, but when I press “Automatically fix selected files now” it thinks for 3 seconds and says “Nothing selected to be changed” and “Done!” and nothing happens

Thank you for sending me a login to your site. Something on your site is blocking my plugin from submitting the “Fix” form. I upgraded my plugin on your site to the BETA version that I am about to release. The new version of my plugin includes a workaround for this scenario and you should be able to fix the malware it finds now.

The Scan Depth is how far down to drill into directories looking for threats, not how far up to start looking.

I have set The Scan Level for your domain to start scanning one level higher, this should get you into the public_html directory where you can scan all your sites at once, but you need to Download the latest Definition Update for this change to take effect.

It is possible for hackers to take control of a server at the root level (outside you home directory) but there is not much you can do about that unless it’s your server.

Help, I have used the program, registered the key and made a donation. The scan will only complete to 66% and it seems to have really, really slowed down my site. I do not know where to begin to correct this.

There is no way to schedule a Complete Scan at this time but that is a feature that I am working on. However it would be a pretty poor band-aid to just keep scanning and cleaning your sites over and over when what you really need is to get them all completely clean and patch the hole that is letting these hackers reinfect you.

Two things that might help you right now are: (1) I could get my plugin to scan all of your sites at once from just one admin page if all your sites are on the same server, (2) If you find out how the hacker is planting scripts on your server then you can stop him (or her) from continually re-infecting you.

There are a lot of .js files that come up as Potential Threat just because the use the eval() function. These are usually ok but I leave that general rule in there in case you have a threat on your site that you cannot find in the Known Threats. If you are sure that these are all ok then you can whitelist them in my plugin and send me your reason in the form provided then I will get to adding them to my global whitelist when I have time. Honestly, I am very busy right now and whitelisting potential threats in .js files is about the lowest thing on my list of priority list. This being a free plugin, financed only by your donations, I do what I can to make it the best it can be, focusing on new threats first and then important features and enhancements.

I have barely used this plugin for 8minutes and I’m like wtf is this. This is the best plugin I have ever come across on wordpress and you really deserve lots of kudos for this. Do you do freelance work?

Hi Eli. I have just stumbled on your plugin. Google blacklisted my blog couple of days ago and the problem listed was a code injection that was linked to a website called earnmoneydo or something like that

”

I have tried to look for this code but couldn’t find it. I have run your plugin and I have deleted 4 known threat. Does that mean its a safe now even though the code wasnt included in the one your plugin found?

If you removed the Known Threats that my plugin found then it probably fix. Now you need the Google to refresh the cache they have of your site so that they drop that warning. The best way to do that is to request a review in the Malware section of your Google Webmaster Tools account.

MW:SPAM:SEO is a generic label for a broad range of malicious ads. Although my plugin can find and automatically fix many of then there are always new variants that come out that need to be added to my definition update. If you can provide me with WP Admin access to your site then I will find this new threat and add it to my definitions so that it can be automatically removed like the rest.

The problem was just that you had not downloaded my latest definitions update. Once I did that and ran a Complete Scan it started finding a Back-door redirect script embedded in hundreds of WordPress core files. The Complete Scan took about 25 minutes to scan over 20,000 files on your site and found a total of 820 malicious scripts. I had it automatically remove these injection from the infected files and your site does not appear to be infected any more.

It looks like it may have been a vulnerability in your “irresistible” theme that let this hacker into your site. You should delete that theme if you are not using it.

I installed your great plugin previously and it was working great. I updated WordPress and now your plug in is not showing up on my dashboard. Also, I tried installing and it says that it the plugin already exists but I am not finding it. Can you please assist?

I just installed your plug in but it didn’t find any known threats but I do have a real compromised problem here. When I type in my website http://www.octaviaharris.com on sites like facebook or https://bitly.com/ the description and page text display weird text like this:

Isr med assoc j androl mccullough levine return of Levitra Viagra Vs Levitra Viagra Vs symptomatology from a nexus between the serum. Criteria service connection on erectile dysfunctionmen who have Price Of Cialis Price Of Cialis revolutionized the users of ejaculation? They remain the chronicity of diverse medical Cialis Cialis and minor pill communications.

It just started happening yesterday. Can your plug in help resolve my issue?

It should be able to find this threat. If you have downloaded the latest definition update and it still does not find any known threats on a Complete Scan then you can send me your WP Admin login and I will find it for you and add it to my definition update so that it can be automatically detected and removed.

Thanks for this AMAZING plugin
I have tried everything to reface my website
crescentcarco.com
replaced every file, except the uploads folder *checked it manually*
now my subpages work fine but my main page still redirects.
can you PLEASE take a look at it, I will be obliged

Protecting your site from future hacks is difficult because there are just so many ways that hacker will try to get in. In your case, because of the way the DB was hacked I would suggest moving to a more secure hosting environment. Cheap shared hosting is just so vulnerable to cross-site contamination, control panel breaches, and root server hacks.

I now offer very secure hosting for those that are getting too much attention from hackers and need a safer place to host their site. It’s $12/month per site and there is no control panel. Let me know if you are interested.

Thank you for the wonderful work you’re doing and for this great plugin.

Three of my WP sites were hacked last week and the hacker’s page and music (from Philipines) were inserted on my homepage. After a couple of days, Hostgator fixed it for me and warn me to always updates my plugins and themes.

Today, the same hacker did his thing again, only it has affected more of my sites.

Thus, I downloaded your plugin and after scanning one site, it identified 4 potential viruses. Below is one of them.

Do you think this is the virus. I can give you admin access if that will help.

Thanks for sending me your WP Admin login credential. I downloaded my definition updates and ran a Complete Scan on your site. Those potential threats are all ok. It looks like your site was defaced by a hacker using a vulnerability of your server or another compromised site on your shared host. There may be nothing you can do to stop an attack like this other than moving all your sites of that server.

The good news is that the damage is minimal and very easy to fix. The hacker has planted a file called index.html in the root directory of each infected site. WordPress uses a file called index.php so index.html is not needed and should be deleted. You can use your host’s file manager or any FTP client to delete these infected index.html files easily. I have also updated the scan range of my plugin on your server to scan the whole public_html directory and all the sites in it. If all else fails you can use me plugin to find and delete these infected files, it will take a really long time to run a Complete Scan on all those site but the option is now there if you need it.

I’ve got some malicious virus on the website and ran your plugin which found 18 potential threats. A lot of index.php in different folders that just have one single script in each file (?). But i really dont know how to do now. How do I get rid of this malicious virus? Can you please go into the website and fix this? Would of course make a donation if the virus gets away.
Thanks,
Limp

Have you registered my plugin and downloaded the latest definition updates?

If you have done this and my plugin still does not find any known threats then this could be a new type of infection that needs to be added to my definition update. As I told Limp Salas, if you send me your WP Admin login I will find it for you and add it to my definitions so that it can be automatically removed.

It sounds like this could be an SQL injection. You should try changing the login credentials to your DB. If the attacks continue at regular intervals check the log files at the time of the attack to see if you can spot the script file responsible for the injection.

Something has infected all of my plugins on different sites. I am trying to run your plugin (which I resintalled) and I am getting the message

“Another Plugin or Theme is using ‘eva1fY2bak1cV2ir’ to hadle output buffers.
This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
Consider disabling caching and compression plugins (at least during the scanning process).”

I don’t have any plugins running (as a result of the virus), so I can’t figure out how to fix the issue with the output buffers. Any ideas? Right now it has checked 25 folders in 18 minutes with 4,407 folders left to go.

eva1fY2bak1cV2ir sound like a malicious function that was hacked into your site to inject redirects or ads into the output of your pages. It is probably embedded in your theme or one one of the core WordPress files. It may also be encoded so that you cannot easily search for it or tell what it’s doing with your output.

It’s obviously affecting the speed of you site if it’s taking that long to scan. If my plugin does not find it when the scan finally finishes then you can send me your WP Admin login and I’ll look for it for you.

I noticed that all my sites I have your plugin installed on got a message alert that the wp-content/plugins/gotmls/safe-load.php file was changed. Did you do this or are the hackers trying to defeat your plugin?

I am learning how to be a web master and have had to deal with these malware problems more and more lately. I love your anti malware program. Can I get you to look at our site and help me make sure there are no problems. This is a school website and I need to make sure the community can access this website safely.

my site http://www.cic-caracas.org is infected by malware. i have scanned using this plugin and confirmed and said it took care of some of the treats but listed 68 potential threats. What can I do about all of those. Please tell me how to remove all those or if it is necessary.

Thank you for this great plugin! It fixed a lot of crap having entered my site, but yeasterday I got a new one. All plugins disapeared, but still in the plugin directory. I removed everything to try to re-install, had a hunch so started with Anti-Malware to run a scan and it reported:
“Another Plugin or Theme is using ‘eva1fY2bak1cV2ir’ to hadle output buffers.
This prevents actively outputing the buffer on-the-fly and will severely degrade the performance of this (and many other) Plugins.
Consider disabling caching and compression plugins (at least during the scanning process).
What is this “eva1fY2bak1cV2ir” – and how to get rid of it??

eva1fY2bak1cV2ir is a custom function that has taken over the output buffer on your site. I cannot say exactly what it does without seeing it, but I would guess it is filtering the content of you site to display only what the hacker wants to display (or it inserts content that the hacker wants to add to your site).

If you want to give me access to your site I will see if I can find it for you.

Thanks so much for the great plugin. I have an issue with some Malware on our site. Sucuri says it found Malware, but your plugin and Wordfence both say the site it clean. However, both computers I accessed the site with ended up getting infected with the “system-care antivirus” malware, so I suspect this is what Sucuri is picking up. I am not sure what my next step should be or where to look in my files for suspicious code. Any suggestions would be greatly appreciated.

If you have my latest definition update and you are scanning your whole site and it’s not finding anything then you may have a new virus that I have not yet identified. These threats are alway evolving and adapting to avoid detection. Would you be willing to provide me with WP Admin access to your site? Then I can find it and update my definitions update so that it can be automatically repaired by my plugin.

Sometimes it take a little while for Google to review your site and notice that it has been cleaned. For future reference, you can speed that process up by requesting a review in the Health section of Google’s Webmaster Tools.

It is, as you say, normal code.
It is the essentially the first line of code in every wp-login.php in every install of WordPress.
It is also extremely vulnerable to a brute-force attack.

Basically, if that wp-load.php file is included without certain protection, it can bring down your whole server. My plugin now has a patch for this file that stops the WordPress bootstrap from loading if it senses a brute-force attack. This was inspired by the wide-spread brute-force attacks that have been targeting WordPress login pages around the world for the past few weeks. These attacks have crippled servers and probably succeeded in stealing some passwords too. So my plugin looks for the absence of my patch and , if not found, classifies this file as Exploitable. Select this file to be fixed will automatically apply my patch, in much the same way as it patches older versions of timthumb.php that can be exploited to write malicious code to files on your server.

I hope this suitably explains why it is highlighting this “normal” part of any WordPress installation. Please feel free to contact me again, should you need any further explanation or assistance.

That explains why I thought this was coming up with a false positive. I see where some people were having issues logging back in after applying the fix. Is that fixed now? I don’t want to apply the patch and then not be able to log back in.

Also, I have a couple of files that are written with an eval Base_64 statement in them. I sent the potential virus file to the creator of the plugin and asked if the code (machine code I couldn’t decode) was legitimate. They said it was legit.

My question is how do we mark a file as not a virus after using your plugin?

There were a few people who had a problem logging in after applying the first version of this login patch. This was because there servers had register_globals turned on and WordPress destroys session vars whenever register_globals is on. I have fixed this in the current patch and it works great at stopping these brute-force attacks.

If you have any false positives that come up because a plugin developer is trying to be sneaky or cryptic like a hacker then I can whitelist that code but only after I decrypt it and check it thoroughly to make sure it is really ok.

I’m sorry you got conflicting information on that page. I had to disable that particular update because it was causing problems on some peoples sites. I have just released a plugin update that reolves this issue. If you download the new version 1.3.04.19 then it should work correctly.

Hello Eli, Just downloaded and ran your plug-in. It did find some malware and repaired on my site. Problem Is I still have an issue with my site Google is calling malware and has posted a warning. I would like to give you more info if you could look

This is a common problem for people, after removing the malware you need to have Google review your site. There is a Malware page in the Health section of Google Webmaster tools where you can request a review.

Malware has completely messed up the appearance of my blog. I don’t have a current backup so I’m trying desperately to restore my site without completely wiping it. I’ve run several scans from various sources and they all show different results. I’ve heard good things about your plugin so I’d love to use it but it shows no threats (but skipped about 1100 files). Am I out of luck or am I doing something wrong?

Your not out of luck because you just contacted the right person. You probably just have some new malware variant that I have not written a definition for yet. If you send me your WP Admin login I will get in there and find it for you, and add it to my definition update so that it can be automatically repaired.

Thanks for sending me your login info, and for the tip about the analytics plugin. I found the Malicious code embeded in the main plugin file of the Google-Analyticator Plugin. I have added this new threat to my definitions update and repaired that files with my plugin. You can enable that Google-Analyticator Plugin again if you want to still use it.

Hi
I have a site bluemonkeyonline.net that is infected with malware which appears to come from bizwonk.com, as every time I load bluemonkeyonline.net, bizwonk.com appears in the lower left of the browser window. I have scanned and infected files have been located and quarantined and a number of potential threats have been found, but the site is still infected as on reload the domain bizwonk still apears. Am I doing something wrong.
Cheers….michael

It sounds like you have an iframe injection that is not being detected by me plugin. If you want to give me WP Admin accesss to you site I can find it and add it to my definitions so it can be automatically removed.

I really need help… I’m one of several administrators for this site: http://www.bryggerietsgymnasium.se. It’s been blacklisted for a week so I decided to spend my weekend trying to solve the problems. Without success. I have installed Anti-Malware and another malware plugin and done a check with Sucuri, and I get different results everywhere. Sucuri results are that it doesn’t show any problems but still have been blacklisted by Yandex. I have updated wordpress and all plugins. Anti-Malware results refer mostly to script files (23), both in wordpress and plugins (among them the other malware plugin!). I have been able to half the problems by removing a lot of old posts but it’s more tricky when it comes to pages. The other malware plugin finds problems everywhere…. Now I’m a bit desperate. Can you please help?

I have trouble that Avast software find malware and block my site. I’ve tried almost 10 different check up software and sites that do that to find something. but doesn’t find anything. Is Avast just being stupid with my site or?

Hi, a visitor of my site discovered that his Avast! flagged it as containing malware. This plugin doesnt recognize any threats when I scanned through the files. Should I not worry or might there be something that this plugin cannot find?

I just registered the first domain and wanted to run a scan to see if it does as advertised. if it does, I too want to be able to protect all my domains under two email addresses. I have one for my personal use and one that is a reseller account I put my clients sites in.

So far I have used the scanner on three of my sites. Each time they found 2 known threats. When I clicked auto fix, it would fix one of the files, but not the other. What should I do next. Can I actually delete that file from the directory or no? Thanks for your help.

I would not delete the file unless you are sure it is not needed for your site to function. Usually these types of infections are just one line of malicious code that is injected into a core file that your site was already using and deleting that file will break your site. The trick is to remove the malicious code while preserving the integrity of the rest of the file. That said, there are sometime files that are all bad and no good and not needed at all which you can delete but knowing the difference if the key. If my plugin cannot remove that second threat then it is probably due to the permissions on that file.

If you want I can take a look at and fix it for you and give you more info. You can send login credentials directly to my email if you want me to check it out: eli at gotmls dot net

I just wanted to follow up from last week, and say thank for providing the WP Admin and FTP logins I needed to get you issue resolved.

How has your site running? It looks like it has stayed clean but I see it is still blacklisted on Google. You need to go to Google’s Webmaster tools and request a review to clear that warning. Let me know if you need help with that.

Also, it looks like there are still vulnerable timthumb.php files in the themes of two other sites on your server. These are not viruses but they are still exploitable and could lead to another infection. My plugin can scan all the sites on your server at once and automatically upgrade those timthumb files to patch that vulnerability.

Great product – just made a donation. Do you have any simple suggestions for new WordPress blogs to prevent malware, etc. I read somewhere to change categories and to make difficult passwords but I couldn’t find the article again.

There is no golden solution to this general problem, but usually keeping WordPress up-to-date and making sure the theme and plugins you are using do not have any known vulnerabilities is a good start. It is also a good idea to run regular scans for mal-ware. I am working on a cron engine for scheduling automatic scan which will help with that.
I have never hear anything about changing categories but it couldn’t hurt to have strong passwords (but these kinds of hacks usually don’t need to use your password to get in).

Thanks for your donation. The more support I get, the more I can support this plugin and make it better and stronger against a wider variety of threats and vulnerabilities.

I think you are asking if it is possible to not show the Anti-Malware menu item.
If so you may want to look on the bottom-right of the Scan Settings page and change the “Menu Item Placement Options” setting to “Sub-Menu inside the Tools Menu Item”.
If that is not what you are looking for then please try me again and I’ll see what I can do to help.

I will definitely look forward to donation, if you really helped me out. As i wasted my money into SiteLock service, i have requested the refund after getting it i will donate the same amount to you…
Please help me ASAP.

I can help you now but I will need you WP Admin login to scan for this threat. When I find it I will add it to the definition update and it can then be removed automatially. Please send login credentials to eli at gotmls dot net or reply to this notification.

Hello, I just downloaded your plugin and my website mobile version seems to be redirecting to a russian model website. Can your plug in fix this malware problem? We are more then happy to donate if it can.

If you use the same email address when registering the other sites then they will all fall under the same registration. If you have already registered some under other email addresses you can login to those accounts and transfer those domains you have already registered to your preferred email account.

It looks like sucuri already removed some injected code from those htaccess files. My plugin had found some remaining code left in pieces in those files and when it tried to remove the last few pieces of code it broke the file. This would not have happened if my plugin had scanned these htaccess files before sucuri modified them (when the whole malicious redirect code was intact) or if sucuri had removed all the injected code when they cleaned the file, but at least we know how it happened and I can try to accommodate this sort of thing in the future.

Thanks for giving me the chance to look at it all on your server. Please feel free to contact me if you need more help.

Hey Eli,
Great plugin, I am impressed so far at it finding some malicious scripts, but it reports this one as a potential threat, when I am pretty sure it is a threat
Basically everything from “var _0x4470=” onwards has been appended by a hacker/ malicious script.

Hey Eli,
Thanks for the reply, and diligently adding to the definitions.
I have removed these manually, so haven’t been able to successfully get them to be removed with the scanner yet, but hopefully I will soon… well hopefully not actually, but you know what I mean.
I was thinking it would be good to be able to submit potential threat files to the definition too, so that jw player for example (a common plugin) isn’t caught everytime as it has an eval() in it…. that is apparently legit…?
I would be happy to submit my scripts to you from plugins… or just the links to plugins with eval() in their scripts, and you could then get the original for your definition and compare?
Thanks again.
C

Thanks. I understand. I have not had the time I need to go through and exempt all the legit uses of eval and the like. I do have a method for white-listing benign code that would otherwise come up as a potential threat but it will take some time for me to go through and list all the exceptions properly without allowing loopholes for the malicious code.

I am sorry I havenot made any donation yet. I just started trying the service you give. I have a problem that I can not solve yet. There is “Found the document has moved here” note on the top left corner of my blog page. I think this is a malware or a kind of virus. I try to scan all the plugins, wp content and html but this software plugin seems does not workl
Please help me this malware is very disturbing and dangerous for my web blog and my computer.
I am looking forward to your support and help. Please…

I found the problem. If you are logged into WordPress go to Appearance>Editor> on the right hand side click on “Theme Functions” (functions.php) > “click ctrl f” on your keyboard to bring up the search tab on the upper right hand side of your panel > search for smuss.net (or whatever website the “here” link brings you too.) I’m talking about the “here” link that we are trying to get rid of on our pages> The search will bring you to a URL. Mine brought me to “http://smuss.net/jquery-1.6.3.min.js” > delete the entire URL between the “” but leave the “” and update the page. Then the problem will be fixed.

If you are not logged into wordpress extract your theme in a folder > open the theme folder > right click on functions.php > open file with notepad > scroll to the bottom of the page > look about 15 lines up for the URL and delete it > click “save” under “file” in the menu > close the notepad. Then the problem will be fixed. If you do not see the URL near the bottom (aprox 15 lines up) then you will have to search for it in this file and delete it.

This took me awhile today to track down and fix so I hope this helps someone else other than me

I just downloaded and installed the plugin. Sucuri.net scans have revealed multiple malware threats whereas the MLS plugin does not seem to find these threats. Also, when I run a scan on the publc_html, the scan seems to be running for several minutes and then it just stops. All the while, the percent complete indicator remains at zero. Any idea what might be happening?

Thanks for providing WP Admin credentials to your site. I was able to figure out why is was not finishing the scan. First, it looks like you’ve got 20+ domains installed under the main site’s public_html directory, so the Quick Scan is not an viable option. Second, you have at least one symbolic link to the public_html directory inside the public_html directory, this causes infinite recursion when drilling down through the directory structure (in order to understand recursion you must first understand recursion)
I have added the public_html directory to the exclude path so that it will not be followed a second time through. I also add the wp-snapshots directory to the exclude path just to save time. It will now scan over 5,500 folders including all those other domains but it will take some time to do a Complete Scan.

I want to skip some files, but I can’t edit ‘Skip files with the following extentions’. If I remove the standardextentions ‘png,jpg,jpeg,gif,bmp,tif,tiff,exe,zip,pdf’ the plugin still scans these extentions. Please help.

You will want to skip any binary files as they are generally larger then ascii files and do not contain any scripts. I had designed it so that you could not completely clear this field, assuming that you would always need to exclude something. I have, however, fixed it so that you can now clear this field and scan all files. Keep in mind it will likely be a waste of time to scan binary files for malicious text patterns.

These 2 “Alerts” you are talking about are from Sucuri.net and they are cached from 2 days ago. I just had Sucuri refresh their cache by clicking “Re-Scan” on their site and the results confirmed that your site is now clean.

It’s not something to worry about. I am setting the timeout to 60 seconds in a recursive loop so that it does not get stock in some part of that scan process. Your server’s security settings seem to be stopping me from setting that value.
I will suppress this error in my next release by changing set_time_limit to @set_time_limit. You can add the @ to your version if you want to suppress these errors now.

It should say “Your Installation Key is Registered” in green letters in the Definition Updates section on the right. It should also say “Your Definitions file is current” below that. You want to make sure that you have downloaded the latest definitions. Then you want to scan your whole site (not just the plugins directory).

I wouldn’t worry about those “Potential Threats” in Yellow, it’s just the ones in Red you should repair.

Unfortunately, when I did a wp-content scan, it listed a bunch of files from one plugin in red. This is a very valuable auto-blogging plugin, and I wouldn’t want to do anything to harm it unnecessarily. What does repairing involve?

Trying to do a public_html scan, I got this error: Fatal error: Maximum execution time of 30 seconds exceeded in /home/thewebdr/public_html/wp-content/plugins/gotmls/index.php on line 82

I had seen that in the wp-content scan, and I added to a php.ini in public_html:
max_execution_time = 600
I don’t know why it’s not taking effect.

My plugin was designed to remove the threat from an infected file without breaking the file. Admittedly it’s not always 100% effective and I have had a couple of False Positives in the past. So, make a backup of the plugin and then run the Automatic Repair and see what happens. There is also a link to revert the changes if it dies break something.

There are also two lines in a recursive loop within plugins/gotmls/images.php (lines 244 and 276) where you would need to change
set_time_limit(30);
to a higher number.

Once again your great plugin spotted malware on several of my sites and then removed it. I’m just waiting to see if it sneeks back in again but meanwhile although I’ve already made a modest donation I’ve decided to make another one each time another infection is spotted.

Hi, I love the plugin, but I run multiple sites, and it’s not letting me use the plugin on site 2 with the same email address I used for site 1. Is there a developer’s package, or some way to do this? I use the same admin email for all of the sites. I did donate! Thanks!

I am working on supporting multiple domains registered under one email account. As a test I have manually registered another one of your domains under the same account you already have (the one I added is the same one you use as your email address). If you install my GOTMLS Plugin on that domain you should see that it is already registered. You should also see that it has the ability to scan one level higher in your directory hierarchy. Hopefully this will enable you to scan all your domains on that server from one WP Admin. Please let me know if this works for you as desired or if you have any problems.

I’m having a problem here too. I currently have two sites registered with gotmls.net (and I’ve donated!). But I can’t figure out how to add another site. There’s no way to do it after you’ve logged in.

The best way to register any site is to install the plugin on that site and then use the built-in registration for on the Anti-Malware Settings page in the WP-Admin of the site you want to register. If you use the same email address on the form as you did on the registration for your other sites then all your site will be registered under the same account. If you already registered the new site under a different email then you can login to that account on gotmls.net and transfer that site’s registration to your other account so that they are all together.

Usually the Potential Threats are ok. If you find Known Threats and remove them then you site will likely come up clean. You can request a review from Google in your Webmaster Tools account if you are still getting warnings from the search engine.

The cost of the donation is well worth the product. People must remember, if people like Eli Scheets were not here, we would be paying far more for a product that expires frequently and costs many times more than your donation.